Bug#446956: CVE-2007-5469 toll fraud and authentication forward attack
Julien BLACHE
jblache at debian.org
Wed Oct 17 08:25:19 UTC 2007
Nico Golde <nion at debian.org> wrote:
Hi,
> CVE-2007-5469[0]:
> | OpenSER 1.2.2 does not verify the Digest authentication header URI
> | against the Request URI in SIP messages, which allows remote attackers
> | to use sniffed Digest authentication credentials to call arbitrary
> | telephone numbers or spoof caller ID (aka "toll fraud and
> | authentication forward attack").
I can dig up the patch mentionned on full-disclosure, but it's only
one part of the solution. The user needs to add the required logic in
its config to actually "fix" the problem.
Also it's not clear yet whether this also applies to OpenSER < 1.2,
though the post on full-disclosure seems to imply that all versions
prior to SVN 20071004 are affected.
JB.
--
Julien BLACHE - Debian & GNU/Linux Developer - <jblache at debian.org>
Public key available on <http://www.jblache.org> - KeyID: F5D6 5169
GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169
More information about the Pkg-voip-maintainers
mailing list